Total
2507 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36547 | 1 Mara Cms Project | 1 Mara Cms | 2024-08-04 | 9.8 Critical |
| A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file. | ||||
| CVE-2021-36356 | 1 Kramerav | 1 Viaware | 2024-08-04 | 9.8 Critical |
| KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124. | ||||
| CVE-2021-36121 | 1 Echobh | 1 Sharecare | 2024-08-04 | 8.8 High |
| An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm is susceptible to an unrestricted upload vulnerability via the name1 parameter, when processing remote input from an authenticated user, leading to the ability for arbitrary files to be written to arbitrary filesystem locations via ../ Directory Traversal on the Z: drive (a hard-coded drive letter where ShareCare application files reside) and remote code execution as the ShareCare service user (NT AUTHORITY\SYSTEM). | ||||
| CVE-2021-35290 | 1 Balero Cms Project | 1 Balero Cms | 2024-08-04 | 7.2 High |
| File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page. | ||||
| CVE-2021-35261 | 1 Bearadmin Project | 1 Bearadmin | 2024-08-04 | 9.8 Critical |
| File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint. | ||||
| CVE-2021-34997 | 1 Commvault | 1 Commcell | 2024-08-04 | 8.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AppStudioUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13894. | ||||
| CVE-2021-34995 | 1 Commvault | 1 Commcell | 2024-08-04 | 8.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DownloadCenterUploadHandler class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-13756. | ||||
| CVE-2021-35002 | 2024-08-04 | N/A | ||
| BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14122. | ||||
| CVE-2021-34685 | 1 Hitachi | 1 Vantara Pentaho | 2024-08-04 | 2.7 Low |
| UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution). | ||||
| CVE-2021-34639 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2024-08-04 | 7.5 High |
| Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions. | ||||
| CVE-2021-32089 | 1 Zebra | 2 Fx9500, Fx9500 Firmware | 2024-08-04 | 9.8 Critical |
| An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-34551 | 3 Fedoraproject, Microsoft, Phpmailer Project | 3 Fedora, Windows, Phpmailer | 2024-08-04 | 8.1 High |
| PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. | ||||
| CVE-2021-34427 | 1 Eclipse | 1 Business Intelligence And Reporting Tools | 2024-08-04 | 9.8 Critical |
| In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance. | ||||
| CVE-2021-34257 | 1 Wpanel Cms Project | 1 Wpanel Cms | 2024-08-04 | 8.8 High |
| Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image. | ||||
| CVE-2021-34076 | 1 Phpok | 1 Phpok | 2024-08-04 | 8.8 High |
| File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. | ||||
| CVE-2021-34074 | 1 Pandorafms | 1 Pandora Fms | 2024-08-04 | 9.8 Critical |
| PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests. | ||||
| CVE-2021-34128 | 1 Laiketui | 1 Laiketui | 2024-08-04 | 8.8 High |
| LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname. | ||||
| CVE-2021-33884 | 1 Bbraun | 3 Infusomat Large Volume Pump 871305u, Spacecom2, Spacestation 8713142u | 2024-08-04 | 6.5 Medium |
| An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows remote attackers to upload any files to the /tmp directory of the device through the webpage API. This can result in critical files being overwritten. | ||||
| CVE-2021-33828 | 1 Owncloud | 1 Files Antivirus | 2024-08-03 | 8.8 High |
| The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection. | ||||
| CVE-2021-33698 | 1 Sap | 1 Business One | 2024-08-03 | 8.8 High |
| SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation. | ||||